README: Added more reasons the browsers trust first party
This commit is contained in:
parent
9326dc6aca
commit
b09f861c27
GPG key ID:
D8A7ECA00A8CD3DD
4
dist/README.md
vendored
4
dist/README.md
vendored
|
|
@ -14,8 +14,8 @@ However, to circumvent this block, tracker companies made the websites using the
|
||||||
The latter is a DNS redirection to `website1.trackercompany.com`, directly to an IP address belonging to the tracking company.
|
The latter is a DNS redirection to `website1.trackercompany.com`, directly to an IP address belonging to the tracking company.
|
||||||
|
|
||||||
Those are called first-party trackers.
|
Those are called first-party trackers.
|
||||||
On top of aforementionned privacy issues, they also cause some security issue, as websites are usually configured to trust first-party scripts.
|
On top of aforementionned privacy issues, they also cause some security issue, as websites usually trust those scripts more.
|
||||||
For more information, learn about [Cross-Origin Resource Sharing](https://enable-cors.org/).
|
For more information, learn about [Content Security Policy](https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP), [same-origin policy](https://developer.mozilla.org/en-US/docs/Web/Security/Same-origin_policy) and [Cross-Origin Resource Sharing](https://enable-cors.org/).
|
||||||
|
|
||||||
In order to block those trackers, ad blockers would need to block every subdomain pointing to anything under `trackercompany.com` or to their network.
|
In order to block those trackers, ad blockers would need to block every subdomain pointing to anything under `trackercompany.com` or to their network.
|
||||||
Unfortunately, most don't support those blocking methods as they are not DNS-aware, e.g. they only see `somestring.website1.com`.
|
Unfortunately, most don't support those blocking methods as they are not DNS-aware, e.g. they only see `somestring.website1.com`.
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue